Project

General

Profile

Actions
Copy link

Documentation #7138

open

"Permission denied" when trying to add and update new ruleset

Added by Lu 99 2 months ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Beginner

Description

Hi ! how are you. Thanks for this great tool.

I'm on a Ubuntu based system and installed suricata 7.0.6

I follwed security advice and I'm runing suricata as suricata user.

Then I followed instructions to add a new ruleset:

sudo suricata-update enable-source oisf/trafficid

But when trying to update and merge the ruleset, I got this error:

sudo suricata-update
[...]
4/7/2024 -- 11:30:06 - <Info> -- Enabled 136 rules for flowbit dependencies.
4/7/2024 -- 11:30:06 - <Info> -- Backing up current rules.
4/7/2024 -- 11:30:08 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 50940; enabled: 38724; added: 34; removed 0; modified: 0
4/7/2024 -- 11:30:08 - <Info> -- Writing /var/lib/suricata/rules/classification.config
4/7/2024 -- 11:30:08 - <Info> -- Testing with suricata -T.
4/7/2024 -- 11:30:08 - <Error> -- Error opening file: "/tmp/tmpror979xf/fast.log": Permission denied
4/7/2024 -- 11:30:08 - <Error> -- output module "fast": setup failed
4/7/2024 -- 11:30:08 - <Error> -- Suricata test failed, aborting.
4/7/2024 -- 11:30:08 - <Error> -- Restoring previous rules.

I guess is easy to solve changing some permissions at /tmp or adding suricata to some group, but not sure exactly what the best way and would be nice to do it together and improve documentation.

Related issues 1 (1 open0 closed)

Related to Suricata-Update - Bug #6241: Suricata test-mode can fail when user and group provided with run-as.NewJason IshActions
Actions
Copy link

Also available in: Atom PDF